Versant Health, Inc.
Senior Governance Risk Compliance Analyst
Versant Health, Inc., Troy, New York, United States
Senior Governance Risk Compliance Analyst
Troy, NY, USA
Job Description Posted Monday, January 5, 2026 at 5:00 AM
Senior Governance Risk Compliance Analyst
Who are we?
Versant Health is one of the nation’s leading administrators of managed vision care, serving millions of our clients’ members nationwide. We are driven by our mission to help members enjoy the wonders of sight through healthy eyes and vision.
As a Versant Health associate, you can enjoy a comprehensive Total Rewards package, which includes health and dental insurance, tuition reimbursement, 401(k) with company match, pet insurance, no-cost-to-you vision insurance for you and your qualified dependents. We are also invested in your success. There are many opportunities for advancement and development throughout all stages of your career with us.
See how you can make a difference with the support of strong leadership and a team environment.
See Everything, Be Anything™.
What are we looking for?
The Governance, Risk, and Compliance (GRC) Analyst is responsible for assisting the Director, Information Security (Governance, Risk, and Compliance) in executing strategic measures to manage and mitigate risks and reduce potential impacts on IT resources to an acceptable level to the business; apply compliance management by ensuring that the business attains its security control objectives by meeting legal, regulatory, industry, and customer requirements; and measure and report associated metrics to ensure that organizational objectives are monitored and achieved.
Where you will have an impact
Maintain program trackers and controls performance for IT Security, ensuring that operational controls, procedures, and resources are documented effectively to manage risk across all enterprise assets including on-prem, COLO, and cloud resources IT Control Testing & Control Health
Complete assigned IT controls on pre-defined intervals (including ad hoc, daily, weekly, monthly, quarterly, and yearly), ensuring the health of all IT controls, and manages corrective action plans needed to address any control gaps, weaknesses, or failures
Contribute to compliance audits and assessments by delivering detailed documentation, supporting evidence, and insights related to IT risk management and control activities
Ensure customer compliance commitments are always met, and support all interactions with customer audits of our program
Ensure assigned policies and procedures meet audit requirements and periodically update deadlines
Conduct training and knowledge transfer on the execution of audit related control execution for end users and management
Support the analysis of complex systems, applications, and processes to evaluate security vulnerabilities and potential threats
Document the organization's IT assets, maintaining the integrity and confidentiality of sensitive information
Conduct comprehensive risk assessments of IT systems, networks, and applications to identify potential vulnerabilities and threats
Support the development of and oversee the execution of risk and exception mitigation strategies and action plans to address identified vulnerabilities and gaps in security controls
Provide expert guidance and recommendations on security governance best practices, configurations, and system hardening techniques
Participate in lessons learned to enhance GRC processes and prevent recurrence of exceptions
Collaborate with internal audit, legal, and compliance teams to address high-level risk-related inquiries, requests, and reporting requirements
Lead additional projects and perform other duties as assigned
What’s necessary to do the job?
Bachelor's degree in related field required
An equivalent combination of experience and education will be considered in lieu of a bachelor's degree
Four (4) years of IT Security or Audit experience required
Experience in managing and accessing information security risks required
Detailed knowledge of HIPAA, NIST, PCI, HITRUST, SOC required
Experience with enterprise level identity management to support trusted interactions between disparate entities required
Healthcare experience preferred
CISSP, CISM, CRISC, or CISA preferred
HIPAA & Security Requirements
All Associates must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and HIPAA Privacy Policies and Procedures. As a component of job roles and responsibilities, Associates may have access to covered information, cardholder data or other confidential customer information which must be protected at all times. As a result, Associates must explicitly adhere to all data security guidelines established within the Company’s Privacy & Security Training Program.
Versant Health will never request money from candidates who seek employment with us and will never ask for any payment as part of the recruitment process.
Versant Health is a proud Equal Employment Opportunity and affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at Versant Health without regards to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.
#J-18808-Ljbffr
Job Description Posted Monday, January 5, 2026 at 5:00 AM
Senior Governance Risk Compliance Analyst
Who are we?
Versant Health is one of the nation’s leading administrators of managed vision care, serving millions of our clients’ members nationwide. We are driven by our mission to help members enjoy the wonders of sight through healthy eyes and vision.
As a Versant Health associate, you can enjoy a comprehensive Total Rewards package, which includes health and dental insurance, tuition reimbursement, 401(k) with company match, pet insurance, no-cost-to-you vision insurance for you and your qualified dependents. We are also invested in your success. There are many opportunities for advancement and development throughout all stages of your career with us.
See how you can make a difference with the support of strong leadership and a team environment.
See Everything, Be Anything™.
What are we looking for?
The Governance, Risk, and Compliance (GRC) Analyst is responsible for assisting the Director, Information Security (Governance, Risk, and Compliance) in executing strategic measures to manage and mitigate risks and reduce potential impacts on IT resources to an acceptable level to the business; apply compliance management by ensuring that the business attains its security control objectives by meeting legal, regulatory, industry, and customer requirements; and measure and report associated metrics to ensure that organizational objectives are monitored and achieved.
Where you will have an impact
Maintain program trackers and controls performance for IT Security, ensuring that operational controls, procedures, and resources are documented effectively to manage risk across all enterprise assets including on-prem, COLO, and cloud resources IT Control Testing & Control Health
Complete assigned IT controls on pre-defined intervals (including ad hoc, daily, weekly, monthly, quarterly, and yearly), ensuring the health of all IT controls, and manages corrective action plans needed to address any control gaps, weaknesses, or failures
Contribute to compliance audits and assessments by delivering detailed documentation, supporting evidence, and insights related to IT risk management and control activities
Ensure customer compliance commitments are always met, and support all interactions with customer audits of our program
Ensure assigned policies and procedures meet audit requirements and periodically update deadlines
Conduct training and knowledge transfer on the execution of audit related control execution for end users and management
Support the analysis of complex systems, applications, and processes to evaluate security vulnerabilities and potential threats
Document the organization's IT assets, maintaining the integrity and confidentiality of sensitive information
Conduct comprehensive risk assessments of IT systems, networks, and applications to identify potential vulnerabilities and threats
Support the development of and oversee the execution of risk and exception mitigation strategies and action plans to address identified vulnerabilities and gaps in security controls
Provide expert guidance and recommendations on security governance best practices, configurations, and system hardening techniques
Participate in lessons learned to enhance GRC processes and prevent recurrence of exceptions
Collaborate with internal audit, legal, and compliance teams to address high-level risk-related inquiries, requests, and reporting requirements
Lead additional projects and perform other duties as assigned
What’s necessary to do the job?
Bachelor's degree in related field required
An equivalent combination of experience and education will be considered in lieu of a bachelor's degree
Four (4) years of IT Security or Audit experience required
Experience in managing and accessing information security risks required
Detailed knowledge of HIPAA, NIST, PCI, HITRUST, SOC required
Experience with enterprise level identity management to support trusted interactions between disparate entities required
Healthcare experience preferred
CISSP, CISM, CRISC, or CISA preferred
HIPAA & Security Requirements
All Associates must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and HIPAA Privacy Policies and Procedures. As a component of job roles and responsibilities, Associates may have access to covered information, cardholder data or other confidential customer information which must be protected at all times. As a result, Associates must explicitly adhere to all data security guidelines established within the Company’s Privacy & Security Training Program.
Versant Health will never request money from candidates who seek employment with us and will never ask for any payment as part of the recruitment process.
Versant Health is a proud Equal Employment Opportunity and affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at Versant Health without regards to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.
#J-18808-Ljbffr